The Sysinternals tools were last updated in November 2016. Despite the gap, the first release of 2017 is a big one: Microsoft has officially released Sysmon version 6.0, timed to coincide with an RSA Conference talk by Mark Russinovich.
Here’s what’s new:
- Sysmon v6
Sysmon is a background monitor that records system activity to the Windows event log for use in security incident detection and forensics. This release introduces a command-line option that prints the event schema, adds an event that is logged whenever the Sysmon configuration changes, interprets and displays registry paths in their common format, and adds named pipe creation and connection events (thanks to Giulia Biagini for the contribution). See Mark’s related RSA Conference presentation, “How to Go From Responding to Hunting with Sysinternals Sysmon.”
- Autoruns v13.7
Autoruns, an autostart entry point management utility, now reports print providers and registrations in the WMI\Default namespace, fixes a KnownDLLs enumeration bug, and has improved toolbar usability on high-DPI displays.
- AccessChk v6.1
AccessChk is a command-line utility that shows the effective and actual permissions on file, registry, service, process, object-manager and event-log objects. This update adds reporting of Windows 10 process trust access control entries and token security attributes.
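The Sysmon v6 item above describes three new features without showing how they are used. The following PowerShell is an added example, not code from the Sysinternals post or from Mark’s presentation. It writes a configuration that records every named pipe creation and connection (the new events are Event ID 17 and 18; the configuration-change event is ID 16), prints the event schema with the new `-s` switch, installs or updates Sysmon, and then pulls the pipe events back out of the event log the way a hunt would. It assumes `sysmon.exe` (v6 or later) is in the current directory, an elevated prompt, and a schema version of 3.30 for the v6 configuration format; the last of those is an assumption, so check `sysmon.exe -s` for the value your build reports.

```powershell
# Added example, not part of the original post. Run from an elevated prompt
# with sysmon.exe (v6 or later) in the current directory.
# Event IDs: 16 = Sysmon configuration change (new in v6)
#            17 = Pipe created, 18 = Pipe connected (new in v6)

# Minimal configuration: an empty "exclude" rule means nothing is filtered
# out, so every named pipe creation and connection is logged. Tune this
# with PipeName/Image filters once you know what is noisy on your hosts.
# ASSUMPTION: schemaversion 3.30 corresponds to Sysmon 6.0; confirm with -s.
$config = @'
<Sysmon schemaversion="3.30">
  <EventFiltering>
    <PipeEvent onmatch="exclude" />
  </EventFiltering>
</Sysmon>
'@
Set-Content -Path .\sysmon-pipes.xml -Value $config -Encoding ASCII

# New in v6: print the event schema so you can see the fields that
# PipeEvent (and every other event) will carry before you build filters.
.\sysmon.exe -s

# Install if Sysmon is not yet present, otherwise update the running
# configuration in place (this is exactly what Event ID 16 records).
if (Get-Service -Name 'Sysmon*' -ErrorAction SilentlyContinue) {
    .\sysmon.exe -c .\sysmon-pipes.xml
} else {
    .\sysmon.exe -accepteula -i .\sysmon-pipes.xml
}

# Turn a Sysmon event into a flat object keyed by its EventData names
# (PipeName, Image, ProcessId, ...) instead of positional properties.
function ConvertFrom-SysmonEvent {
    param([Parameter(ValueFromPipeline)] $Event)
    process {
        $xml  = [xml]$Event.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time      = $Event.TimeCreated
            EventId   = $Event.Id
            PipeName  = $data['PipeName']
            Image     = $data['Image']
            ProcessId = $data['ProcessId']
        }
    }
}

$log = 'Microsoft-Windows-Sysmon/Operational'

# Hunting pass: which pipes were created or connected to in the last hour,
# and by which images. Unexpected pipe names from unexpected images are
# the thing to look at; lateral-movement tooling is a frequent pipe user.
Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 17, 18;
                                 StartTime = (Get-Date).AddHours(-1) } |
    ConvertFrom-SysmonEvent |
    Group-Object PipeName, Image |
    Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name |
    Format-Table -AutoSize

# Tamper check: every configuration change Sysmon has recorded on this host.
# An ID 16 you did not schedule is worth an incident ticket.
Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 16 } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message |
    Format-Table -Wrap
```

With the empty exclude rule the pipe events are verbose on a busy host; the grouping at the end is there precisely so you can turn the top entries into `PipeName` or `Image` exclusions and reload with `sysmon.exe -c`, which in turn leaves an Event ID 16 behind as the audit trail of that change.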